PRIVACY POLICY

1. INTRODUCTION

DevSync Software Solutions (hereinafter referred to as "Company," "We," "Us," or "Our") is committed to protecting your privacy and ensuring you have a positive experience on our website and while using our services.

This Privacy Policy explains how we collect, use, disclose, and otherwise process personal data in connection with our website, web applications, and digital services. It applies to all visitors and users of our website and customers of our services.

Important: This Privacy Policy is designed to comply with the Digital Personal Data Protection Act (DPDP), 2023 of India, the Information Technology Act, 2000, General Data Protection Regulation (GDPR) for EU residents, and other applicable privacy laws.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

• Contact Information: Name, email address, phone number, mailing address, company name
• Account Information: Username, password, profile information, company details
• Communication Data: Messages, inquiries, feedback, support tickets, and correspondence
• Project Information: Website requirements, content, design preferences, business objectives
• Payment Information: Billing address, payment method (processed securely through payment gateways)
• Document and File Data: Any documents, images, videos, or files you upload or share

2.2 Information Collected Automatically

When you visit our website or use our services, we automatically collect:

• Technical Data: IP address, device type, operating system, browser type and version
• Usage Data: Pages visited, time spent on pages, click patterns, referring website
• Cookies and Tracking: Information stored through cookies, pixels, and similar tracking technologies
• Log Data: Server logs including access times, request methods, status codes, data transfer size
• Location Data: General geographic location based on IP address (city/country level)

2.3 Information from Third Parties

We may receive information about you from:

• Business Partners: Referral sources, affiliate partners, business associates
• Public Sources: Publicly available business registries, professional networks, public directories
• Third-Party Services: Analytics providers, payment processors, hosting providers
• Social Media: If you link your social media accounts to our services

3. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

3.1 Service Delivery

• Providing website development, web applications, digital marketing, and SEO services
• Creating and managing your project and account
• Processing payments and invoicing
• Communicating about your project and services
• Delivering customer support and technical assistance
• Fulfilling your requests and inquiries

3.2 Business Operations

• Improving our services and user experience
• Analytics and performance monitoring
• Fraud detection and prevention
• Maintaining security and protecting against unauthorized access
• Auditing, troubleshooting, and system administration
• Business planning and product development

3.3 Marketing and Communications

• Sending promotional emails and marketing communications (with your consent)
• Informing you about new services, features, and updates
• Conducting surveys and gathering feedback
• Creating aggregate, anonymized insights and reports
• Retargeting advertising (if you have not opted out)

3.4 Legal and Compliance

• Complying with legal obligations and regulatory requirements
• Enforcing our Terms and Conditions and other agreements
• Protecting our legal rights and interests
• Responding to lawful requests from government authorities
• Preventing illegal activity and protecting safety

4. LEGAL BASIS FOR PROCESSING

Under DPDP 2023 and GDPR, we process your personal data based on the following legal grounds:

4.1 Consent

We process your data with your explicit, freely given, informed, and unambiguous consent. You can withdraw consent at any time by contacting us.

4.2 Contract Performance

Processing is necessary to perform our contractual obligations to you, such as providing services, processing payments, and fulfilling project requirements.

4.3 Legal Obligation

Processing is required to comply with applicable laws, regulations, and legal obligations in India and other jurisdictions.

4.4 Legitimate Interests

We process data based on our legitimate business interests, such as:

• Improving our services and user experience
• Preventing fraud and ensuring security
• Marketing our services (subject to your preferences)
• Maintaining and managing our business operations

4.5 Vital Interests

In emergencies where processing is necessary to protect life, health, or safety.

5. INFORMATION SHARING

5.1 With Whom We Share Your Information

We may share your personal data with:

5.2 Our Employees and Contractors

Employees and contractors who need access to your information to perform their job functions, subject to confidentiality obligations.

5.3 Service Providers

Third-party service providers who assist us in operating our website and providing services, including:

• Web hosting and cloud service providers
• Payment processors and financial institutions
• Email and communication service providers
• Analytics and monitoring providers
• Marketing and advertising partners
• Legal and accounting professionals

5.4 Business Partners and Affiliates

We may share information with our business partners for joint marketing initiatives or service integration (only with your consent where required).

5.5 Legal Requirements and Protection

We may disclose your information when required by law or when we reasonably believe that disclosure is necessary to:

• Comply with legal obligations and court orders
• Respond to government requests
• Enforce our Terms and Conditions
• Protect the security or integrity of our services
• Protect the rights, privacy, or safety of users or the public
• Prevent or investigate illegal activity

5.6 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of company assets, your information may be transferred as part of that transaction. We will provide notice and you will have the opportunity to opt-out where legally permitted.

5.7 Data Protection Agreements

All service providers who receive personal data are contractually obligated to:

• Process data only as instructed
• Implement appropriate security measures
• Comply with applicable data protection laws
• Maintain confidentiality
• Assist with data subject rights requests

6. DATA RETENTION

6.1 Retention Periods

We retain your personal data only as long as necessary for the purposes for which it was collected. The retention period depends on the type of data and the context of processing:

6.2 Project-Related Data

Data related to completed projects is retained for:

• Active Projects: Duration of the project plus 6 months for support and documentation
• Financial Records: 7 years for tax and audit purposes (as required by law)
• Legal Evidence: As long as necessary for potential disputes or legal claims

6.3 Contact and Communication Data

Marketing emails: Until you unsubscribe or we receive explicit withdrawal of consent

Support communications: 2 years after the last interaction or until you request deletion

6.4 Technical and Usage Data

Log files and analytics data are typically retained for 90 days, with aggregated analytics retained longer for business intelligence purposes.

6.5 Deletion Requests

You may request deletion of your personal data at any time. We will delete or anonymize your data unless we have a legal obligation to retain it. We cannot delete data necessary to:

• Fulfill contractual obligations
• Comply with legal requirements
• Maintain financial and legal records
• Resolve disputes

7. YOUR RIGHTS

Under the Digital Personal Data Protection Act (DPDP) 2023 and other applicable laws, you have the following rights:

7.1 Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information in a structured, commonly used, and machine-readable format within 30 days of your request.

7.2 Right to Correction

You have the right to request correction of inaccurate, incomplete, or outdated personal data. We will update your information promptly upon verification.

7.3 Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data, subject to legal and contractual obligations. We will delete your data within 30 days unless we have grounds to retain it.

7.4 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another data controller without hindrance.

7.5 Right to Restrict Processing

You have the right to request that we limit how we use your personal data while we verify its accuracy or handle a dispute.

7.6 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

7.7 Right to Object

You have the right to object to:

• Marketing and promotional communications (we will honor opt-out requests within 10 days)
• Automated decision-making that significantly affects you
• Processing based on legitimate interests

7.8 Right to Lodge a Complaint

If you believe we have violated your privacy rights, you have the right to lodge a complaint with the appropriate data protection authority or regulatory body in your jurisdiction.

7.9 Exercising Your Rights

To exercise any of these rights, please contact us using the information provided in Section 14. We will respond to your request within 30 days (or as required by law). We may ask you to verify your identity before processing your request.

8. DATA SECURITY

8.1 Security Measures

We implement industry-standard security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction:

8.2 Technical Safeguards

• Encryption: SSL/TLS encryption for data in transit; AES-256 encryption for sensitive data at rest
• Firewalls: Advanced firewalls and intrusion detection systems
• Access Controls: Role-based access control (RBAC) and multi-factor authentication (MFA)
• Secure Servers: Secure, isolated servers in protected data centers
• Database Security: Database encryption and regular backups
• Regular Updates: Timely security patches and system updates

8.3 Organizational Safeguards

• Employee training on data protection and privacy best practices
• Confidentiality agreements with all employees and contractors
• Regular security audits and vulnerability assessments
• Data protection policies and procedures
• Limited access to personal data on a need-to-know basis

8.4 Data Breach Notification

In the event of a data breach affecting your personal data, we will:

• Notify you without undue delay (typically within 72 hours)
• Provide details of the breach and impact on your data
• Explain steps we are taking to address the breach
• Advise you on protective measures you can take
• Notify relevant authorities as required by law

8.5 Limitations

While we implement robust security measures, no system is 100% secure. You acknowledge the inherent risks of online data transmission and storage. We cannot guarantee absolute security of your personal data.

9. CHILDREN'S PRIVACY

9.1 Age Restrictions

Our website and services are not directed to individuals under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children under 13.

9.2 Parental Consent

If we discover that a child under 13 has provided us with personal data, we will:

• Notify the parent or guardian
• Obtain verifiable parental consent for continued use
• Delete the child's personal data if consent cannot be obtained

9.3 Teen Privacy

For users between 13-18 years old:

• We minimize data collection and use
• We provide enhanced transparency about data practices
• We do not engage in targeted marketing to minors
• Parents/guardians may request access or deletion of their minor's data

9.4 Parent/Guardian Rights

Parents or guardians may contact us to:

• Review their child's personal data
• Request deletion of their child's personal data
• Opt-out of future data collection from their child

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 What Are Cookies?

Cookies are small text files stored on your device that contain information about your interactions with our website. We use cookies and similar tracking technologies to enhance your experience.

10.2 Types of Cookies We Use

10.3 Essential Cookies

Purpose: Enable core functionality such as navigation, security, and authentication

Consent Required: No (legally required for website operation)

Examples: Session cookies, CSRF tokens, login credentials

10.4 Performance Cookies

Purpose: Collect anonymous data about website performance and user behavior

Consent Required: Yes (in some jurisdictions)

Tools: Google Analytics, Hotjar, similar analytics providers

10.5 Functional Cookies

Purpose: Remember your preferences, settings, and previous interactions

Consent Required: Yes (for non-essential functional cookies)

Examples: Language preferences, theme settings, saved form data

10.6 Marketing Cookies

Purpose: Enable targeted advertising and retargeting campaigns

Consent Required: Yes (explicit consent required)

Providers: Facebook Pixel, Google Ads, LinkedIn, similar advertising networks

10.7 Managing Your Cookie Preferences

You can control cookies through:

• Cookie Banner: Accept/reject non-essential cookies through our website banner
• Browser Settings: Configure cookie acceptance in your browser preferences
• Browser Extensions: Use privacy-focused browser extensions to block cookies
• Opt-Out Links: Opt-out of specific marketing cookies via provider links

10.8 Pixel Tags and Web Beacons

We may use pixel tags (also called web beacons or clear GIFs) to track conversions, monitor email opens, and gather analytics. These are typically invisible 1x1 pixel images that track user activity.

10.9 Third-Party Tracking

Third-party service providers may place their own cookies on your device. We are not responsible for third-party cookie policies. Please review their privacy policies directly.

11. THIRD-PARTY LINKS

11.1 External Links

Our website may contain links to third-party websites, applications, and services. We are not responsible for:

• The privacy practices of third-party websites
• Information collected by third-party services
• Content or conduct on external sites
• Security or data protection measures of third parties

11.2 Your Responsibility

When you click on external links, you are leaving our website. We encourage you to review the privacy policies of any third-party website before providing your personal data.

11.3 Third-Party Integrations

If you use our website to access or integrate with third-party services (e.g., social media, payment gateways, APIs), those third parties may collect data about you in accordance with their own privacy policies.

12. INTERNATIONAL DATA TRANSFERS

12.1 Cross-Border Transfers

Your personal data may be transferred to, stored in, and processed in countries other than your country of residence, including countries that may not have data protection laws equivalent to those in your home country.

12.2 India as Primary Location

Our primary operations are based in India. However, we may transfer data to other locations for:

• Service delivery and technical support
• Cloud storage and backup
• Third-party service providers
• Business operations and analytics

12.3 Data Protection Safeguards

We ensure international transfers comply with applicable laws through:

• Standard contractual clauses (SCCs) for EU-India transfers
• Adequacy decisions where available
• Binding corporate rules for group companies
• Explicit consent from data subjects where required
• Contractual guarantees with recipients

12.4 GDPR and EU Residents

For residents of the European Union, any transfer of personal data outside the EU is conducted in compliance with GDPR Article 44-49. We implement appropriate safeguards to ensure your data remains protected.

13. POLICY UPDATES

13.1 Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. The "Last Updated" date at the top of this policy indicates when it was last revised.

13.2 Notification of Changes

For material changes to this policy, we will:

• Notify you via email to your registered email address
• Display a prominent notice on our website
• Require your consent to material changes that increase our rights or limit your rights
• Provide at least 30 days' notice before changes take effect

13.3 Your Acceptance

Your continued use of our website and services after changes to this policy constitutes your acceptance of the updated terms. If you do not agree with the changes, you may discontinue your use of our services.

14. CONTACT US

If you have questions about this Privacy Policy, concerns about our data practices, or wish to exercise your privacy rights, please contact us:

Data Controller/Company Information

Data Protection Officer / Privacy Inquiry

Grievance Redressal

Regulatory Authorities

You may also lodge a complaint with the following regulatory authorities:

• Data Protection Authority (India): The authority designated under the Digital Personal Data Protection Act, 2023
• GDPR Authority (EU): Your local data protection authority if you are an EU resident
• Other Jurisdictions: The relevant privacy or data protection authority in your country